Should PCI Compliance Keep You Up at Night?

February 17, 2016 • Categories: Best Practices

Guest post by Ray Moorman, Director of Product Management, Vantiv Integrated Payments (formerly Mercury Payment Systems)

Why should PCI compliance and security be a top priority? Despite the ongoing advances in point-of-sale systems and technologies, data breaches remain a very real threat to the average small …

Third Party Services: Ease or Risk?

September 9, 2015 • Categories: Best Practices

While assessing one of the largest public sector enterprises recently, I asked for the routine maintenance reports and records for IT, Human Resource & Facility Administration. The auditee promptly dug out the files and presented the requisite records. While reviewing the records I noticed that …

Do Vendors Keep a PCI Compliance Certificate?

April 2, 2015 • Categories: PCI 101

“Ask the QSA”

Question: Is there a PCI Compliance certificate that we need to ask vendors for?

Answer: There is no “certificate” for PCI compliance. You can ask for an AOC (Attestation of Compliance) which, properly completed, should assist you in knowing what PCI compliant services …

Ready Your 3.0 SAQ Game Plan

December 17, 2014 • Categories: Best Practices

2014 has been a year filled with news about breaches – big breaches – record-breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT …

Our Service Provider is Compliant, Must Our Organization Be As Well?

December 9, 2014 • Categories: PCI 101

“Ask the QSA”

Question: My organization is an online service provider. Our customers are merchants (i.e., our customers are receiving the payment through our servers) and the credit card payment storage is done by a Level 1 PCI DSS Validated third party. Does my organization …